DOCSLIB.ORG

Edit Distance Correlation Attack on the Alternating Step Generator

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Edit Distance Correlation Attack on the Alternating Step Generator Edit Distance Correlation Attack on the Alternating Step Generator Jovan Dj. Golid 1 * and Renato Menicocci2 1 School of Electrical Engineering, University of Belgrade Bulevar Revolucije 73, 11001 Beograd, Yugoslavia Email: golic~galeb.etf.bg.ac.yu 2 Fondazione Ugo Bordoni Via B. Castiglione 59, 00142 Roma, Italy Emaih rmenic~fub.it Abstract. A novel edit distance between two binary input strings and one binary output string of appropriate lengths which incorporates the stop/go clocking in the alternating step generator is introduced. An ef- ficient recursive algorithm for the edit distance computation is derived. The corresponding correlation attack on the two stop/go clocked shift registers is then proposed. By systematic computer simulations, it is shown that the minimum output segment length required for a success- ful attack is linear in the total length of the two stop/go clocked shift registers.This is verified by experimental attacks on relativelyshort shift registers. Key words. Stream ciphers, clock-controlled shift registers, alternating step generator, edit distance, cryptanalysis, correlation attacks. 1 Introduction Keystream generators for stream cipher apphcations consisting of a small num- ber of clock-controlled shift registers combined by a linear function seem to provide an efficient means for producing sequences with long period, high linear complexity, and good statistical properties, see [7]. The stop-and-go clocking is particularly popular for high speed applications. At any time, a stop/go shift reg- ister is clocked once if the clock-control input bit is equal to 1 and is not clocked at all otherwise. The clock-control sequence can be generated by another, reg- ularly clocked shift register, whereas the inherent autocorrelation weakness due to the repetition of bits in a stop/go shift register can be overcome by linearly combining its output with the output of an additional regularly clocked shift * This work was done while the first author was with the Information Security Research Centre, Queensland University of Technology, Brisbane, Australia. Part of this work was carried out while the first author was on leave at the Isaac Newton Institute for Mathematical Sciences, Cambridge, United Kingdom. This research was supported in part by the Science Fund of Serbia, grant #04M02, through the Mathematical Institute, Serbian Academy of Science and Arts. 500 register [1], which may be the same as the clock-control one, as is the case in the well-known stop/go cascades [7]. Typically, all the shift registers have linear feedback. However, the additional linear feedback shift register (LFSR) intro- duced to improve the statistics is then vulnerable to a fast correlation attack based on the repetition weakness [12]. If the clock-control LFSR is itself linearly combined with the stop/go one to produce the output, then it succumbs to a specific, conditional correlation attack [10] which exploits the same repetition weakness, but in a different, perhaps unexpected way. The alternating step generator (ASG) [81 is an interesting combination of three binary LFSRs, two of which, LFSR1 and LFSR2, are stop/go clocked in a special way by the third one, LFSR3, which is regularly clocked. Instead of LFSR3, one may also use any binary keystream generator. More precisely, if the clock-control bit is equal to 1, then LFSR1 is clocked and LFSR2 is not, and if the clock-control bit is equal to 0, then LFSR2 is clocked and LFSR1 is not. The output sequence is formed as the bitwise sum of the two stop/go clocked LFSR sequences. Although it was proposed before the appearance of [12] and [10], the ASG is not vulnerable to the attacks there introduced. It is shown in [8] that the initial state of the clock-control LFSR3 can be recovered via a divide-and- conquer attack which can be regarded as a special kind of the linear consistency attack [11], which appeared later. Namely, if and only if the guess about the initial state of LFSR3 is correct, then the first binary derivative of the output sequence gives rise to the first binary derivatives of both the regularly clocked LFSR1 and LFSR2 sequences which are then easily tested for linear complexity by the Berlekamp-Massey algorithm [9]. The objective of this paper is to investigate whether a divide-and-conquer attack on LFSR1 and LFSR2 is possible. A way of doing this is to take the edit distance [2] or edit probability [3] approaches developed for memoryless combiners (for combiners with memory, see [6]) and adapt them to deal with the stop/go clocking. The main idea is to define the edit distance between two binary input strings and one binary output string of appropriate lengths as the minimum possible number of effective substitutions (complementatious) needed in the combination string, produced from the two input strings by the stop/go clocking in the ASG manner, to obtain the output string, where the minimum is taken over all binary clock-control strings. Our first result is to prove that this unusual edit distance can be computed efficiently by a recursive algorithm whose computational complexity is quadratic in the output string length. Our second contribution is to show by systematic experiments obtained by computer simulations that the minimum output sequence length required for the success of the corresponding edit distance correlation attack is linear in the total length of LFSR1 and LFSR2. The reconstruction of the LFSR3 initial state is also discussed. In Section 2, a more detailed description of the ASG along with its basic properties is provided. The edit distance and the recursive algorithm for its efficient computation are presented in Section 3, and the experimental results on the underlying embedding probabilities are shown in Section 4. The corre- 501 sponding correlation attack is explained and experimentally verified in Section 5. Conclusions and some open problems are ~ven in Section 6. 2 Alternating Step Generator In this section, we recall the structure and basic properties of the alternating step generator (ASG), as presented in [8]. As shown in Fig. 1, the output of the ASG is obtained by bitwise addition (modulo two) of the output sequences of two binary linear feedback shift registers, LFSRI and LFSR2, whose stop/go clocking is defined by a binary clock-control generator (CCG), which is typically another, but regularly clocked LFSR, denoted as LFSR3. It is assumed that LFSR1 and LFSR2 have different irreducible feedback polynomials of respective degrees rl and r2 and respective coprime periods P1 and P2. At every step, only one LFSR is stepped and the output bit is assumed to be produced in the step-then-add manner. Let c~ denote the output bit of the CCG at step t _> 1. Then, in order to obtain the ASG output bit zt at step t, we first step LFSR1 or LFSR2 depending on whether c~ = 1 or c~ = 0, respectively, and then we add modulo two the output bits of LFSR1 and LFSR2. Observe that LFSR1 is stop/go clocked, whereas LFSR2 is go/stop clocked. In [8], some good cryptographic properties of the ASG, such as a long period (P), a high linear complexity (L), and approximately uniform relative frequency of short output patterns on a period are established, under the assumption that the clock-control sequence is a de Bruijn sequence of period 2 k. More precisely, it is proven that P = P1 P2 2 k and (rl + r2) 2 k-1 < L _< (rl + r2) 2 k, whereas for approximately uniform distribution of the output patterns of length not bigger than min(rl, r2), it is in addition required that the feedback polynomials of LFSR1 and LFSR2 be primitive as well. It is expected that similar results also hold if the CCG is a LFSR with a primitive feedback polynomial whose period is coprime to P1 P2. As mentioned in the previous section, it is also shown in [8] that there exists a (linear consistency) divide-and-conquer attack on the clock-control generator. 3 Edit Distance Let X '~+1 = xl,x2,...,xrL+l and y,+l = Yl,Y2,...,Yn+I denote two binary input strings and let Z '~ = Zl, z2,..., zn denote a binary output string. Given a binary clock-control string C n -- cl, c2,..., an, let 2'* = ~1, z2,---, ~n denote the combination string produced from X 'z+l and y,+1 by the step-then-add alternating stepping according to C" (X n+l and yn+l correspond to the reg- ularly clocked LFSR1 and LFSR2 sequences of length n + 1, respectively). Ac- cordingly, we initially have Zl = xl Y2 if cl = 0 and ~1 -- x2 Yl if cl = 1, whereas for any 1 < s < n - 1 and 0 < l < s, if l denotes the number of ones in C s, then ~s = x~+l SY3+l-Z and we have ~s+l = xl+l SYs+2-~ if cs+l = 0 and ~s+l = xl+2 $ Ys+l-I if cs+l -- 1. 502 LFSRI Zt I : LFSR2 I Fig. 1. The alternating step generator. The edit distance between a given pair of strings (X n+l, yn+l) and a given string Z ", denoted as D(X "+1, y,+x; Z,), is then defined by D(X"+I,Yn+a;Z n) = rain dH(Z",2 ~) (1) C'~E{O,1} n where dH(Z n, 2 n) denotes the Hamming distance between Z n and 2 n. In other words, the edit distance is defined as the minimum number of effective substitutions needed to obtain Z n from 2n, where the minimum is over all 2 n binary clock-control strings C n. Apart from the substitutions in the combination string 2 n, the edit transformation of the input strings (X n+x, yn+l) into the output string Z n also contains one deletion of the first bit from one of the input strings and exactly n - 1 repetitions of bits in the input strings, regardless of the clock-control string C n.
Load more

Recommended publications
  • Middleware in Action 2007
    Technology Assessment from Ken North Computing, LLC Middleware in Action Industrial Strength Data Access May 2007 Middleware in Action: Industrial Strength Data Access Table of Contents 1.0 Introduction ............................................................................................................. 2 Mature Technology .........................................................................................................3 Scalability, Interoperability, High Availability ...................................................................5 Components, XML and Services-Oriented Architecture..................................................6 Best-of-Breed Middleware...............................................................................................7 Pay Now or Pay Later .....................................................................................................7 2.0 Architectures for Distributed Computing.................................................................. 8 2.1 Leveraging Infrastructure ........................................................................................ 8 2.2 Multi-Tier, N-Tier Architecture ................................................................................. 9 2.3 Persistence, Client-Server Databases, Distributed Data ....................................... 10 Client-Server SQL Processing ......................................................................................10 Client Libraries ..............................................................................................................
    [Show full text]
  • A Practical Attack on Broadcast RC4
    A Practical Attack on Broadcast RC4 Itsik Mantin and Adi Shamir Computer Science Department, The Weizmann Institute, Rehovot 76100, Israel. {itsik,shamir}@wisdom.weizmann.ac.il Abstract. RC4is the most widely deployed stream cipher in software applications. In this paper we describe a major statistical weakness in RC4, which makes it trivial to distinguish between short outputs of RC4 and random strings by analyzing their second bytes. This weakness can be used to mount a practical ciphertext-only attack on RC4in some broadcast applications, in which the same plaintext is sent to multiple recipients under different keys. 1 Introduction A large number of stream ciphers were proposed and implemented over the last twenty years. Most of these ciphers were based on various combinations of linear feedback shift registers, which were easy to implement in hardware, but relatively slow in software. In 1987Ron Rivest designed the RC4 stream cipher, which was based on a different and more software friendly paradigm. It was integrated into Microsoft Windows, Lotus Notes, Apple AOCE, Oracle Secure SQL, and many other applications, and has thus become the most widely used software- based stream cipher. In addition, it was chosen to be part of the Cellular Digital Packet Data specification. Its design was kept a trade secret until 1994, when someone anonymously posted its source code to the Cypherpunks mailing list. The correctness of this unofficial description was confirmed by comparing its outputs to those produced by licensed implementations. RC4 has a secret internal state which is a permutation of all the N =2n possible n bits words.
    [Show full text]
  • In the United States Bankruptcy Court for the District of Delaware
    Case 21-10527-JTD Doc 285 Filed 04/14/21 Page 1 of 68 IN THE UNITED STATES BANKRUPTCY COURT FOR THE DISTRICT OF DELAWARE ) In re: ) Chapter 11 ) CARBONLITE HOLDINGS LLC, et al.,1 ) Case No. 21-10527 (JTD) ) Debtors. ) (Jointly Administered) ) AFFIDAVIT OF SERVICE I, Victoria X. Tran, depose and say that I am employed by Stretto, the claims and noticing agent for the Debtors in the above-captioned case. On April 10, 2021, at my direction and under my supervision, employees of Stretto caused the following documents to be served via first-class mail on the service list attached hereto as Exhibit A, and via electronic mail on the service list attached hereto as Exhibit B: Notice of Proposed Sale or Sales of Substantially All of the Debtors’ Assets, Free and Clear of All Encumbrances, Other Than Assumed Liabilities, and Scheduling Final Sale Hearing Related Thereto (Docket No. 268) Notice of Proposed Assumption and Assignment of Designated Executory Contracts and Unexpired Leases (Docket No. 269) Furthermore, on April 10, 2021, at my direction and under my supervision, employees of Stretto caused the following documents to be served via first-class mail on the service list attached hereto as Exhibit C, and via electronic mail on the service list attached hereto as Exhibit D: Notice of Proposed Sale or Sales of Substantially All of the Debtors’ Assets, Free and Clear of All Encumbrances, Other Than Assumed Liabilities, and Scheduling Final Sale Hearing Related Thereto (Docket No. 268, Pages 1-4) Notice of Proposed Assumption and Assignment of Designated Executory Contracts and Unexpired Leases (Docket No.
    [Show full text]
  • Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition
    KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Promotor: Proefschrift voorgedragen tot Prof. Dr. ir. Bart Preneel het behalen van het doctoraat in de ingenieurswetenschappen door Souradyuti Paul November 2006 KATHOLIEKE UNIVERSITEIT LEUVEN FACULTEIT INGENIEURSWETENSCHAPPEN DEPARTEMENT ELEKTROTECHNIEK{ESAT Kasteelpark Arenberg 10, 3001 Leuven-Heverlee Cryptanalysis of Stream Ciphers Based on Arrays and Modular Addition Jury: Proefschrift voorgedragen tot Prof. Dr. ir. Etienne Aernoudt, voorzitter het behalen van het doctoraat Prof. Dr. ir. Bart Preneel, promotor in de ingenieurswetenschappen Prof. Dr. ir. Andr´eBarb´e door Prof. Dr. ir. Marc Van Barel Prof. Dr. ir. Joos Vandewalle Souradyuti Paul Prof. Dr. Lars Knudsen (Technical University, Denmark) U.D.C. 681.3*D46 November 2006 ⃝c Katholieke Universiteit Leuven { Faculteit Ingenieurswetenschappen Arenbergkasteel, B-3001 Heverlee (Belgium) Alle rechten voorbehouden. Niets uit deze uitgave mag vermenigvuldigd en/of openbaar gemaakt worden door middel van druk, fotocopie, microfilm, elektron- isch of op welke andere wijze ook zonder voorafgaande schriftelijke toestemming van de uitgever. All rights reserved. No part of the publication may be reproduced in any form by print, photoprint, microfilm or any other means without written permission from the publisher. D/2006/7515/88 ISBN 978-90-5682-754-0 To my parents for their unyielding ambition to see me educated and Prof. Bimal Roy for making cryptology possible in my life ... My Gratitude It feels awkward to claim the thesis to be singularly mine as a great number of people, directly or indirectly, participated in the process to make it see the light of day.
    [Show full text]
  • *UPDATED Canadian Values 07-04 201 7/26/2016 4:42:21 PM *UPDATED Canadian Values 07-04 202 COIN VALUES: CANADA 02 .0 .0 12
    CANADIAN VALUES By Michael Findlay Large Cents VG-8 F-12 VF-20 EF-40 MS-60 MS-63R 1917 1.00 1.25 1.50 2.50 13. 45. CANADA COIN VALUES: 1918 1.00 1.25 1.50 2.50 13. 45. 1919 1.00 1.25 1.50 2.50 13. 45. 1920 1.00 1.25 1.50 3.00 18. 70. CANADIAN COIN VALUES Small Cents PRICE GUIDE VG-8 F-12 VF-20 EF-40 MS-60 MS-63R GEORGE V All prices are in U.S. dollars LargeL Cents C t 1920 0.20 0.35 0.75 1.50 12. 45. Canadian Coin Values is a comprehensive retail value VG-8 F-12 VF-20 EF-40 MS-60 MS-63R 1921 0.50 0.75 1.50 4.00 30. 250. guide of Canadian coins published online regularly at Coin VICTORIA 1922 20. 23. 28. 40. 200. 1200. World’s website. Canadian Coin Values is provided as a 1858 70. 90. 120. 200. 475. 1800. 1923 30. 33. 42. 55. 250. 2000. reader service to collectors desiring independent informa- 1858 Coin Turn NI NI 2500. 5000. BNE BNE 1924 6.00 8.00 11. 16. 120. 800. tion about a coin’s potential retail value. 1859 4.00 5.00 6.00 10. 50. 200. 1925 25. 28. 35. 45. 200. 900. Sources for pricing include actual transactions, public auc- 1859 Brass 16000. 22000. 30000. BNE BNE BNE 1926 3.50 4.50 7.00 12. 90. 650. tions, fi xed-price lists and any additional information acquired 1859 Dbl P 9 #1 225.
    [Show full text]
  • An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext
    An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext By Isaac Quinn DuPont A thesis submitted in conformity with the requirements for the degree of Doctor of Philosophy Faculty of Information University of Toronto © Copyright by Isaac Quinn DuPont 2017 ii An Archeology of Cryptography: Rewriting Plaintext, Encryption, and Ciphertext Isaac Quinn DuPont Doctor of Philosophy Faculty of Information University of Toronto 2017 Abstract Tis dissertation is an archeological study of cryptography. It questions the validity of thinking about cryptography in familiar, instrumentalist terms, and instead reveals the ways that cryptography can been understood as writing, media, and computation. In this dissertation, I ofer a critique of the prevailing views of cryptography by tracing a number of long overlooked themes in its history, including the development of artifcial languages, machine translation, media, code, notation, silence, and order. Using an archeological method, I detail historical conditions of possibility and the technical a priori of cryptography. Te conditions of possibility are explored in three parts, where I rhetorically rewrite the conventional terms of art, namely, plaintext, encryption, and ciphertext. I argue that plaintext has historically been understood as kind of inscription or form of writing, and has been associated with the development of artifcial languages, and used to analyze and investigate the natural world. I argue that the technical a priori of plaintext, encryption, and ciphertext is constitutive of the syntactic iii and semantic properties detailed in Nelson Goodman’s theory of notation, as described in his Languages of Art. I argue that encryption (and its reverse, decryption) are deterministic modes of transcription, which have historically been thought of as the medium between plaintext and ciphertext.
    [Show full text]
  • Data Extraction Tool
    ANALYSIS OF COMMUNICATION PROTOCOLS FOR HOME AREA NETWORKS FOR SMART GRID Mayur Anand B.E, Visveswaraiah Technological University, Karnataka, India, 2007 PROJECT Submitted in partial satisfaction of the requirements for the degree of MASTER OF SCIENCE in COMPUTER SCIENCE at CALIFORNIA STATE UNIVERSITY, SACRAMENTO SPRING 2011 ANALYSIS OF COMMUNICATION PROTOCOLS FOR HOME AREA NETWORKS FOR SMART GRID A Project by Mayur Anand Approved by: __________________________________, Committee Chair Isaac Ghansah, Ph.D. __________________________________, Second Reader Chung-E-Wang, Ph.D. ____________________________ Date ii Student: Mayur Anand I certify that this student has met the requirements for format contained in the University format manual, and that this project is suitable for shelving in the Library and credit is to be awarded for the Project. __________________________, Graduate Coordinator ________________ Nikrouz Faroughi, Ph.D. Date Department of Computer Science iii Abstract of ANALYSIS OF COMMUNICATION PROTOCOLS FOR HOME AREA NETWORKS FOR SMART GRID by Mayur Anand This project discusses home area networks in Smart Grid. A Home Area Network plays a very important role in communication among various devices in a home. There are multiple technologies that are in contention to be used to implement home area networks. This project analyses various communication protocols in Home Area Networks and their corressponding underlying standards in detail. The protocols and standards covered in this project are ZigBee, Z-Wave, IEEE 802.15.4 and IEEE 802.11. Only wireless protocols have been discussed and evaluated. Various security threats present in the protocols mentioned above along with the counter measures to most of the threats have been discussed as well.
    [Show full text]
  • The WG Stream Cipher
    The WG Stream Cipher Yassir Nawaz and Guang Gong Department of Electrical and Computer Engineering University of Waterloo Waterloo, ON, N2L 3G1, CANADA [email protected], [email protected] Abstract. In this paper we propose a new synchronous stream cipher, called WG ci- pher. The cipher is based on WG (Welch-Gong) transformations. The WG cipher has been designed to produce keystream with guaranteed randomness properties, i.e., bal- ance, long period, large and exact linear complexity, 3-level additive autocorrelation, and ideal 2-level multiplicative autocorrelation. It is resistant to Time/Memory/Data tradeoff attacks, algebraic attacks and correlation attacks. The cipher can be imple- mented with a small amount of hardware. 1 Introduction A synchronous stream cipher consists of a keystream generator which produces a sequence of binary digits. This sequence is called the running key or simply the keystream. The keystream is added (XORed) to the plaintext digits to produce the ciphertext. A secret key K is used to initialize the keystream generator and each secret key corresponds to a generator output sequence. Since the secret key is shared between the sender and the receiver, an identical keystream can be generated at the receiving end. The addition of this keystream with the ciphertext recovers the original plaintext. Stream ciphers can be divided into two major categories: bit-oriented stream ci- phers and word-oriented stream ciphers. The bit-oriented stream ciphers are usually based on binary linear feedback shift registors (LFSRs) (regularly clocked or irregu- larly clocked) together with filter or combiner functions. They can be implemented in hardware very efficiently.
    [Show full text]
  • A Somewhat Historic View of Lightweight Cryptography
    Intro History KATAN PRINTcipher Summary A Somewhat Historic View of Lightweight Cryptography Orr Dunkelman Department of Computer Science, University of Haifa Faculty of Mathematics and Computer Science Weizmann Institute of Science September 29th, 2011 Orr Dunkelman A Somewhat Historic View of Lightweight Cryptography 1/ 40 Intro History KATAN PRINTcipher Summary Outline 1 Introduction Lightweight Cryptography Lightweight Cryptography Primitives 2 The History of Designing Block Ciphers 3 The KATAN/KTANTAN Family The KATAN/KTANTAN Block Ciphers The Security of the KATAN/KTANTAN Family Attacks on the KTANTAN Family 4 The PRINTcipher The PRINTcipher Family Attacks on PRINTcipher 5 Future of Cryptanalysis for Lightweight Crypto Orr Dunkelman A Somewhat Historic View of Lightweight Cryptography 2/ 40 Intro History KATAN PRINTcipher Summary LWC Primitives Outline 1 Introduction Lightweight Cryptography Lightweight Cryptography Primitives 2 The History of Designing Block Ciphers 3 The KATAN/KTANTAN Family The KATAN/KTANTAN Block Ciphers The Security of the KATAN/KTANTAN Family Attacks on the KTANTAN Family 4 The PRINTcipher The PRINTcipher Family Attacks on PRINTcipher 5 Future of Cryptanalysis for Lightweight Crypto Orr Dunkelman A Somewhat Historic View of Lightweight Cryptography 3/ 40 Intro History KATAN PRINTcipher Summary LWC Primitives Lightweight Cryptography ◮ Targets constrained environments. ◮ Tries to reduce the computational efforts needed to obtain security. ◮ Optimization targets: size, power, energy, time, code size, RAM/ROM consumption, etc. Orr Dunkelman A Somewhat Historic View of Lightweight Cryptography 4/ 40 Intro History KATAN PRINTcipher Summary LWC Primitives Lightweight Cryptography ◮ Targets constrained environments. ◮ Tries to reduce the computational efforts needed to obtain security. ◮ Optimization targets: size, power, energy, time, code size, RAM/ROM consumption, etc.
    [Show full text]
  • A History of Syntax Isaac Quinn Dupont Facult
    Proceedings of the 2011 Great Lakes Connections Conference—Full Papers Email: A History of Syntax Isaac Quinn DuPont Faculty of Information University of Toronto [email protected] Abstract the arrangement of word tokens in an appropriate Email is important. Email has been and remains a (orderly) manner for processing by computers. Per- “killer app” for personal and corporate correspond- haps “computers” refers to syntactical processing, ence. To date, no academic or exhaustive history of making my definition circular. So be it, I will hide email exists, and likewise, very few authors have behind the engineer’s keystone of pragmatism. Email attempted to understand critical issues of email. This systems work (usually), because syntax is arranged paper explores the history of email syntax: from its such that messages can be passed. origins in time-sharing computers through Request This paper demonstrates the centrality of for Comments (RFCs) standardization. In this histori- syntax to the history of email, and investigates inter- cal capacity, this paper addresses several prevalent esting socio–technical issues that arise from the par- historical mistakes, but does not attempt an exhaus- ticular development of email syntax. Syntax is an tive historiography. Further, as part of the rejection important constraint for contemporary computers, of “mainstream” historiographical methodologies this perhaps even a definitional quality. Additionally, as paper explores a critical theory of email syntax. It is machines, computers are physically constructed. argued that the ontology of email syntax is material, Thus, email syntax is material. This is a radical view but contingent and obligatory—and in a techno– for the academy, but (I believe), unproblematic for social assemblage.
    [Show full text]
  • "Knowledge Will Be Manifold": Daniel 12.4 and the Idea of Intellectual Progress in the Middle Ages J
    Bridgewater State University Virtual Commons - Bridgewater State University History Faculty Publications History Department 2014 "Knowledge Will Be Manifold": Daniel 12.4 and the Idea of Intellectual Progress in the Middle Ages J. R. Webb Bridgewater State University, [email protected] Follow this and additional works at: http://vc.bridgew.edu/history_fac Part of the History Commons, and the Medieval Studies Commons Virtual Commons Citation Webb, J. R. (2014). "Knowledge Will Be Manifold": Daniel 12.4 and the Idea of Intellectual Progress in the Middle Ages. In History Faculty Publications. Paper 38. Available at: http://vc.bridgew.edu/history_fac/38 This item is available as part of Virtual Commons, the open-access institutional repository of Bridgewater State University, Bridgewater, Massachusetts. “Knowledge Will Be Manifold”: Daniel 12.4 and the Idea of Intellectual Progress in the Middle Ages By J. R. Webb Je l’offre [ce livre] surtout a` mes critiques, a` ceux qui voudront bien le corriger, l’ameliorer,´ le refaire, le mettre au niveau des progres` ulterieurs´ de la science. “Plurimi pertransibunt, et multiplex erit scientia.” (Jules Michelet, Histoire de France, 1, 1833) Thus wrote Michelet to open his monumental history of France. By deploying this prophetic line from the book of Daniel in support of a positivistic approach to historical science, he was participating in a discourse on this perplexing passage that spanned nearly two millennia. He perhaps surmised this, though he probably did not know how deeply the passage penetrated into the intellectual tradition of the West or that he was favoring one interpretation of it over another.1 It is the trajectory of the interpretations of Daniel 12.4 in the Latin West from their first formulation in late antiquity that concerns the present exploration.
    [Show full text]
  • WAGE: an Authenticated Encryption with a Twist
    WAGE: An Authenticated Encryption with a Twist Riham AlTawy1, Guang Gong2, Kalikinkar Mandal2 and Raghvendra Rohit2 1 Department of Electrical and Computer Engineering, University of Victoria, Victoria, Canada [email protected] 2 Department of Electrical and Computer Engineering, University of Waterloo, Waterloo, Canada {ggong,kmandal,rsrohit}@uwaterloo.ca Abstract. This paper presents WAGE, a new lightweight sponge-based authenticated cipher whose underlying permutation is based on a 37-stage Galois NLFSR over F27 . At its core, the round function of the permutation consists of the well-analyzed Welch- Gong permutation (WGP), primitive feedback polynomial, a newly designed 7-bit SB sbox and partial word-wise XORs. The construction of the permutation is carried out such that the design of individual components is highly coupled with cryptanalysis and hardware efficiency. As such, we analyze the security of WAGE against differential, linear, algebraic and meet/miss-in-the-middle attacks. For 128-bit authenticated encryption security, WAGE achieves a throughput of 535 Mbps with hardware area of 2540 GE in ASIC ST Micro 90 nm standard cell library. Additionally, WAGE is designed with a twist where its underlying permutation can be efficiently turned into a pseudorandom bit generator based on the WG transformation (WG-PRBG) whose output bits have theoretically proved randomness properties. Keywords: Authenticated encryption · Pseudorandom bit generators · Welch-Gong permutation · Lightweight cryptography 1 Introduction Designing a lightweight cryptographic primitive requires a comprehensive holistic ap- proach. With the promising ability of providing multiple cryptographic functionalities by the sponge-based constructions, there has been a growing interest in designing cryp- tographic permutations and sponge-variant modes.
    [Show full text]